How does GitHub android app force authentication?

StackOverflow https://stackoverflow.com/questions/20707154

Question

I am digging through the GitHub android app source code.

I am trying to find out how do they force the LoginActivity to show up when the app is first started. In their manifest they seem to have HomeActivity as the MAIN and LoginActivity is only launched explicitly.

So that means that always HomeActivity is launched when the app first opens up. However, I don't see any logic in HomeActivity that shows that they check whether the account is present or not, if its not present then go to LoginActivity

In the code LoginActivity is only launched from here.

Was it helpful?

Solution

Okay, the whole Android account authentication and sync adapters mechanism may be rather complicated at first look, and GitHub Android app adds another layer of complexity there, but I'll try to explain you the whole flow (I hope that my understanding is correct).

At first, I'd recommend you this article about Android Authenticator if you are not familiar with the subject yet. GitHub Android uses exactly the same mechanism, described in that article.

You are right, HomeActivity is launched first. It then launches OrganizationLoader to load a list of orgs. That loader invokes method from OrganizationService which is a part of GitHub Java API. GitHub Android uses RoboGuice to configure injecting of most commonly used classes like GitHub API services. You can see that OrganizationService is created in ServicesModule. It takes GithubClient as a constructor parameter and there is also a GitHubModule which is configured to return AccountClient when an instance of GitHubClient is needed. AccountClient overrides configureRequest() method and invokes

String token = account.getAuthToken();

This is a method of GitHubAccount class, which invokes a method from internal Android's AccountManager. And AccountManager is configured to use that AccountAuthenticator you've talked about, which returns LoginActivity intent if there is no account on device.

Hope this helps :)

OTHER TIPS

The app is using the Android account system, which is actually implemented in the class you already found. That account system will at some point call getAuthToken(), and there it's a simple check whether the password is empty, that returns the Intent for the LoginActivity to the account management system. Using that intent, the account management system will call back into the app and finally invoke the LoginActivity.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top